LDAP Injection

The amount of data stored in organisational databases has increased rapidly in recent years due to the rapid advancement of information technology. A high percentage of the data is sensitive, private and critical to those organisations, their clients, suppliers and partners.

Therefore, databases are usually installed behind internal firewalls, protected with intrusion detection mechanisms and accessed only by applications. To access a database, users have to connect to one of these applications and submit queries through them to the database. The threat to databases arises when these applications do not behave properly and construct these queries without sanitising user inputs first.

Compact & versatile: The quad-core 4-bay M.2 SATA SSD NASbook that provides quick and easy access to cloud storage

Compact & versatile: The quad-core 4-bay M.2 SATA SSD NASbook that provides quick and easy access to cloud storage

The compact, near-silent, and versatile TBS-453DX M.2 SSD NASbook is ideal for office meetings and multimedia applications. With CacheMount, you can map multiple cloud storages and enable caching to work with online files as fast as the files stored on your TBS-453DX

SQL injection

SQL injection

Although a common problem with web applications, this vulnerability can affect any application that communicates with a database management system via Structured Query Language.

A SQL injection occurs when the application fails to properly sanitize user-supplied input used in SQL queries. In this way an attacker can manipulate the SQL statement that is passed to the back-end database management system. This statement will run with the same permissions as the application that executed the query.

New 25GbE QNAP NIC

New 25GbE QNAP NIC

QNAP® Systems, Inc. today unveiled the new dual-port 25GbE QXG-25G2SF-CX4 and 10GbE QXG-10G2SF-CX4 network NICs. Featuring Mellanox® ConnectX®-4 Lx SmartNIC controllers, these cards can greatly boost file transfer speeds and also support iSER (iSCSI Extension for RDMA) to optimize VMware virtualization. Both cards are PCIe Gen3 ×8 and can be installed in a Windows®/Linux® PC or compatible QNAP NAS. 

The main steps of a penetration testing

The main steps of a penetration testing

There are different technologies and challenges during the penetration testings and they range between new web applications to relatively outdated systems. Most of known vulnerabilities such as SQL injections, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML injections, Security Misconfiguration and Path Traversal are usually found during a penetration testing.

Teamwork latest features summary

Teamwork latest features summary

This article summarises all the latest updates, features and tricks the Teamwork guys have released in the past few months. We have summarised them all in one list with some short instructions. We also included the original links to the full official Teamwork.com articles and help docs.